LDAP Confluence syncronization

While experimenting to sync LDAP to Confluence we synced more than 400 user accounts by setting thee wrong user object filter. Now we have the correct user object filter. How can I delete those user accounts and resyncronize to get only the accounts that fulfill the filter criteria?

How long would it generally take to syncronize? We keep getting timeout errors? We have more than 100000 users.

Thanks

Ravi

2 answers

Hi Ravi,

Regarding the synchronization, sometimes it needs to flush the directory cache after a modification in the directory configuration.

You can flush the cache by disabling the LDAP directory, enabling it again and manually triggering the synchronization. After this you should see the correct list of users that match the LDAP filter.

Cheers

Hi Ravi,

From your amount of users we highly recommend you to consider delegation method instead of syncrhonization connector method due to its limitation as describe here.

If you prefer to use sycnrhonization we recommend you to create multiple directories and configure it in a way so each directories does not pull more users than the recommended limit mentioned here also make sure it would not trigger the synchornization in the same time.

Hope it helps.

Cheers,
Septa Cahyadiputra

Septa,

Thanks for the information. I think this makes more sense in our case. How ever, I am confused on how user accounts will be created in Confluence when using delegation method.

From my understanding, I will create an internal directory with LDAP and provide all the criteria on searching user objects. I am not sure about the next step of actually having a user account created and assigned privileges in Confluence.

By checking on the option of Create User on Login, I was able to create a user in Confluence when the user tries to log in, but the user sees an error page saying he does not have any permissions. I had to then manually go to his user id and assign him into proper groups. Though this works, I am trying to see if my administrator can create an user account which authenticates with the internal LDAP delegation, assign proper groups to that user account and then send a notification email out to the user. That would be an ideal scenario for us. Also, our user names are not lowercase.


Can you please provide some insight into that?

Thanks

Ravi

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Thursday in Off-topic

Friday Fun: Magic Eyes

...staring into the background. Once the image pops out in 3D, you can look around the picture and enjoy. If you will see if you are a true illusion master! :) You did it? :) Wow! Awesome! As a bonus...

412 views 79 11
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you